The check here is not critical as it's used only to provide the user
with an option to fix it before failing validation in the service.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
For password/PIN requests such as for a token, the type of the request includes
the token name. This string is included in the response (parsed as param->id).
When such strings contain special characters such as quotes, we currently fail
as openvpn.exe cannot parse the response correctly:
E.g., token name = "Test Token" including the quotes leads to the following error:
password of type '' entered, but we need one of type '"Test Token" token'
We already escape username and password. Escape param->id as well.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
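
The failure and fix described in the commit message above, as an added example that is not code from openvpn-gui: it backslash-escapes `\` and `"` in a quoted management-interface argument and shows what a receiver reads with and without the escaping. The function names and the simplified receiver-side parser are hypothetical, introduced only for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape '\' and '"' with a backslash for use inside a double-quoted
 * management-interface argument. Returns 0, or -1 if dst is too small or the
 * value contains CR/LF (rejected in this example: the protocol is line-based). */
int mgmt_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        size_t need = (*src == '\\' || *src == '"') ? 2 : 1;
        if (*src == '\r' || *src == '\n' || o + need >= dstlen) return -1;
        if (need == 2) dst[o++] = '\\';
        dst[o++] = *src;
    }
    if (o >= dstlen) return -1;
    dst[o] = '\0';
    return 0;
}

/* Build `password "<id>" "<pw>"`; escape_id=0 reproduces the unescaped id. */
int build_password_cmd(const char *id, const char *pw, int escape_id,
                       char *out, size_t outlen)
{
    char eid[256], epw[256];
    if (mgmt_escape(pw, epw, sizeof epw) < 0) return -1;
    if (escape_id ? mgmt_escape(id, eid, sizeof eid) < 0
                  : snprintf(eid, sizeof eid, "%s", id) >= (int)sizeof eid)
        return -1;
    int n = snprintf(out, outlen, "password \"%s\" \"%s\"", eid, epw);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Simplified receiver (an assumption, not openvpn.exe's parser): copy the
 * first double-quoted argument of line into out, undoing backslash escapes. */
int first_quoted_arg(const char *line, char *out, size_t outlen)
{
    const char *p = strchr(line, '"');
    size_t o = 0;
    if (!p || outlen == 0) return -1;
    for (p++; *p && *p != '"'; p++) {
        if (*p == '\\' && p[1]) p++;
        if (o + 1 >= outlen) return -1;
        out[o++] = *p;
    }
    out[o] = '\0';
    return *p == '"' ? 0 : -1;
}
```

With the id left unescaped, the receiver's first argument is the empty string, which matches the `password of type ''` error quoted in the commit message.
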
The message file eventmsg.mc is copied from openvpnserv
sources so that we can reuse openvpnservmsg.dll as our
event source.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
If OpenVPN3 is enabled then the check needs to verify against the
`omi_exe_path` registry key, not the `exe_path` key.
Signed-off-by: Christopher Ng <facboy@gmail.com>
This is slightly better than matching only "http"
Found by ZeroPath
Reported by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Check that the process listening on management port has image path
matching exe_path set in the registry. The check is done soon after
connecting to the port, but before sending any data to it.
Helps with:
(i) not revealing management password to a malicious process
(ii) passing user credentials etc. only to a known process
(iii) ensuring PLAP interface is connecting to a known process
Note: This uses an undocumented API as alternatives like "QueryFullProcessImageNameW"
require PROCESS_QUERY_INFORMATION rights which we normally do not have.
Motivated by some issues found by ZeroPath
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We send this message from the connection thread to the main
thread using a blocking SendMessage as the echo message to display is
cleared soon after. This sometimes leads to timeouts (and
thus long waits). Avoid timeout using Async ShowWindow() and delaying
SetForegroundWindow() as these could otherwise wait if the current
foreground Window is controlled by the calling thread.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Fixes segfault when echo msg-notify happens with
no message to display.
As ShellNotify does not display with empty messages, we
set space (L" ") as message to allow title-only notifications.
Closes github: #771
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Any previously saved plain text username is migrated to
DPAPI encrypted form.
Notes
(i) plain username in registry is migrated only on first use
(ii) username is always saved -- this patch does not alter
that behaviour.
TODO: Migrate all saved usernames to encrypted form?
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Required for correct behavior under right click as well as
keyboard event (Shift-F10) for context menu.
The location of the context menu is now taken from the
message as the cursor position may not match when triggered by
keyboard event.
Fixes Github #763
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This commit significantly improves the Turkish localization of the OpenVPN GUI by
translating numerous strings that were previously in English. The changes include:
1. User Interface Elements:
- Translated all remaining English text in dialog boxes
- Properly localized checkbox and button labels
- Updated radio button text to Turkish
- Improved existing translations for better clarity
2. Dialog Box Translations:
- Passphrase Dialog: Translated "Save password" to "Şifreyi Kaydet"
- Authentication Dialog: Translated remaining English elements
- Advanced Dialog: Fully translated all configuration options
- General Settings: Translated UI preferences and options
- URL Profile Import: Localized all elements
3. Menu Items:
- Translated all import-related menu options
- Localized "Clear Saved Passwords" to "Kayıtlı Şifreleri Temizle"
- Fixed other menu item translations
4. Status and Error Messages:
- Translated OpenVPN daemon state names for connection progress
- Localized error messages for import functionality
- Updated authentication-related notifications
- Translated PKCS11 certificate list headers
5. Technical Terminology:
- Consistently translated technical terms across the application
- Used appropriate Turkish terminology for networking concepts
These changes provide a more consistent and professional Turkish localization
that will improve the user experience for Turkish-speaking users.
Add a timer to periodically simulate mouse movement
using SendInput, preventing the pre-logon UI from being
dismissed due to inactivity during mobile QR code authentication.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
When CR_TEXT or dynamic CR prompt is triggered with
'response not required' ('R' not present in flags), we hide the response
box, but not the password reveal eye icon. Fix it.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Instead of opening the browser window in PLAP context (which is insecure),
display a dialog with QR code and ask user to scan it on mobile device.
QR code generation is taken from MIT-licensed library:
https://github.com/nayuki/QR-Code-generator/blob/master/c/qrcodegen.c
Before I tried vcpkg libqrencode package but gave up after
10 mins of dependencies building (it requires msys2 etc).
Note that you need to add

    setenv IV_SSO webauth

to PLAP profile to make it work.
Fixes: https://github.com/OpenVPN/openvpn-gui/issues/687
Signed-off-by: Lev Stipakov <lev@openvpn.net>
C:\\windows\\Temp\\ has been write-protected for a while,
so instead of hardcoding the (wrong) path, use GetTempPath().
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Since the introduction of persistent connections, we
no longer recreate the entire config menu but only add newly
added connection profiles during each rescan. This leaves
any deleted configs actively displayed in the menu until the
GUI is restarted.
Improve this situation by graying out entries corresponding to
profiles not readable from file system. If the file reappears,
the item gets automatically enabled again.
Also, if the corresponding connection is active, the item is not
grayed out to allow the user to disconnect or reconnect it.
Otherwise the corresponding OpenVPN core process will hang around
with no way to control it from the GUI. Here "active" includes
those on management-hold in case of persistent connections, as
those can be started even if the underlying config file has
gone missing.
Addresses github issue #729
Signed-off-by: Selva Nair <selva.nair@gmail.com>
echo.c:221:72: error: comparison of integer expressions of
different signedness: ‘long unsigned int’ and
‘time_t’ {aka ‘long int’} [-Werror=sign-compare]
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
tray.c:783:36: error: the comparison will always
evaluate as ‘true’ for the pointer operand [...]
must not be NULL [-Werror=address]
True.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This happens on newer MinGW versions:
openvpn.c:176:19: error: the comparison will always
evaluate as ‘false’ for the pointer operand in
‘flags + -1’ must not be NULL [-Werror=address]
Strictly speaking this is a false positive, but
the pointer handling is a bit weird, so make the
code more straight-forward.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
But avoid -Wcast-function-type (from -Wextra)
since that is not useful for code using
GetProcAddress.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Avoid
warning C4996: '_snwprintf': This function or variable may be unsafe
Also makes the code generally simpler.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
openvpn.c:1709:29: warning: ISO C does not support the 'I'
scanf flag [-Wformat=]
openvpn.c:1709:34: warning: format ‘%u’ expects argument
of type ‘unsigned int *’, but argument 3 has type
‘long long unsigned int *’ [-Wformat=]
Switch to using portable identifiers.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>